From ddbfdc9f148a8e940cddc7da7be0fe6e9961f84f Mon Sep 17 00:00:00 2001
From: Quentin McGaw <quentin.mcgaw@gmail.com>
Date: Sun, 28 Jul 2024 14:29:00 +0000
Subject: [PATCH] feat(firewall): prefer using iptables nft instead of legacy

---
 Dockerfile                    | 2 +-
 internal/firewall/firewall.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 2c8b4c42..d2984dd5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -222,7 +222,7 @@ RUN apk add --no-cache --update -l wget && \
     apk add --no-cache --update -X "https://dl-cdn.alpinelinux.org/alpine/v3.17/main" openvpn\~2.5 && \
     mv /usr/sbin/openvpn /usr/sbin/openvpn2.5 && \
     apk del openvpn && \
-    apk add --no-cache --update openvpn ca-certificates iptables iptables-legacy unbound tzdata && \
+    apk add --no-cache --update openvpn ca-certificates iptables unbound tzdata && \
     mv /usr/sbin/openvpn /usr/sbin/openvpn2.6 && \
     rm -rf /var/cache/apk/* /etc/unbound/* /usr/sbin/unbound-* /etc/openvpn/*.sh /usr/lib/openvpn/plugins/openvpn-plugin-down-root.so && \
     deluser openvpn && \
diff --git a/internal/firewall/firewall.go b/internal/firewall/firewall.go
index e95d03d8..bbf9b19f 100644
--- a/internal/firewall/firewall.go
+++ b/internal/firewall/firewall.go
@@ -38,7 +38,7 @@ type Config struct { //nolint:maligned
 func NewConfig(ctx context.Context, logger Logger,
 	runner command.Runner, defaultRoutes []routing.DefaultRoute,
 	localNetworks []routing.LocalNetwork) (config *Config, err error) {
-	iptables, err := checkIptablesSupport(ctx, runner, "iptables-legacy", "iptables", "iptables-nft")
+	iptables, err := checkIptablesSupport(ctx, runner, "iptables", "iptables-nft")
 	if err != nil {
 		return nil, err
 	}